The pStr argument to dissect_mq_charv() isn't modified (and always
points to a character string), so make it a "const char *", and
eliminate the casts to "guint8 *" in calls to it.
Change-Id: I21dad38c41324528be297a8ddc1854beff2276db
Reviewed-on: https://code.wireshark.org/review/2877
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead of calling the grep/sed pipelines for each file, build the
list of files in the beginning and call each pipeline only once,
passing the list to the first grep.
This results in a massive speedup in Cygwin; in my test, the time
it takes to run make-dissector-reg . dissectors packet-*.c in dissectors/epan
is reduced from ~116 to ~3 seconds. I also tried it on NetBSD, where
the time do to the same goes from ~6 to ~0.5 seconds.
Amend makefile comments to elide mentions of invoking multiple processes
per file.
Change-Id: Iad441e7d2b6cc3669dada57646e2f8f6b987fd34
Reviewed-on: https://code.wireshark.org/review/2826
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: I66f0bffb987568c3d4c14a06bdc90465c877b27f
Reviewed-on: https://code.wireshark.org/review/2867
Reviewed-by: Michael Mann <mmann78@netscape.net>
Fix version detection (detect against full string instead of prefix),
properly dissect Tcreate extension field (9p2000.u only), dissect
Tunlinkat flags (9p2000.L).
Refactor pattern to dissect string[s] types for DRY.
Convert to use tcp_dissect_pdus. I have not seen a fragmented case, but
maybe that may happen in the future.
The main motivation for touching 9p was that it returns bogus values
for some types. This has been fixed by properly increasing offset, and
always return the captured length.
Change-Id: If2184204ae9c853b94aca8ade3763d7fe523fa86
Reviewed-on: https://code.wireshark.org/review/2836
Reviewed-by: Christopher Maynard <Christopher.Maynard@gtech.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I8df48b25de784a48a25f0e48aac1e1545ed92c35
Reviewed-on: https://code.wireshark.org/review/2865
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I621f2e2cad9403449cb78f45302388f0c874d3bc
Reviewed-on: https://code.wireshark.org/review/2852
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Idd1b20ab32c0960ea52c6f3bc5346462c37c5684
Reviewed-on: https://code.wireshark.org/review/2853
Reviewed-by: Michael Mann <mmann78@netscape.net>
USB Addresses are now in the format of: bus_id.device_address.endpoint
This makes it much easier to read traces that captured traffic on
more than one bus.
Change-Id: I264db2ceea712d94632d5d08d05d3af22a4a03fe
Reviewed-on: https://code.wireshark.org/review/2833
Reviewed-by: Evan Huus <eapache@gmail.com>
These changes were originally done in g971ffd6
Change-Id: I9de28ba7089f99e8058207f3b6d34de931decf76
Reviewed-on: https://code.wireshark.org/review/2835
Reviewed-by: Bill Meier <wmeier@newsguy.com>
- Properly dissect multiple VNC PDUs in one (or more) TCP segment(s).
- Dissect additional message types ('Fence' and 'Enable Continuous Updates').
- Handle "num_rects" field = 0xFFFF (TightVNC).
- Add some more info as to sources of information about the VNC protocol.
- Add an XXX note as to the (incorrect) reassembly method being used.
- Add some notes as to possible ToDo's.
Change-Id: Id4942c50b3d1373bd2e72c0131614835dc39ba90
Reviewed-on: https://code.wireshark.org/review/2834
Reviewed-by: Bill Meier <wmeier@newsguy.com>
This reverts commit b136182ad4
This function are already marked inline, and profiler don't show much difference in performance,
revert as previous version is cleaner.
Change-Id: I1ac2c30a91b46278730ceee127efa086c7fbc6d6
Reviewed-on: https://code.wireshark.org/review/2828
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The groups are, technically, independent of the notion of a menu, and,
if we have mechanisms by which taps that are not only GUI
toolkit-independent but independent of the *existence* of a GUI can be
registered, they might want to register themselves in a group just in
case they're running in a program that has a GUI.
Also, this might fix the Debian package build.
Change-Id: I29435681e79748fd4f2e0c5ac872cd11f831d172
Reviewed-on: https://code.wireshark.org/review/2830
Reviewed-by: Guy Harris <guy@alum.mit.edu>
wsutil contains the only code that uses version.h; make the dependency
explicit, to see whether that fixes the current build issues with Debian
packaging.
Also, get rid of all *other* dependencies on gitversion.
Change-Id: I89fa5e4112633b83a1a7dfa349bc337e3688575f
Reviewed-on: https://code.wireshark.org/review/2823
Reviewed-by: Guy Harris <guy@alum.mit.edu>
NDPS dissector is also the poster child for not being considered "that naughty" by checkAPIs because most of its proto_tree_add_text calls don't have printf-style arguments (which is what checkAPIs really keys off of)
Fixed both cases and removed about 370 proto_tree_add_text calls from the dissector.
Change-Id: I721678c39d4a0544e5e7212e622c0c2eebfd04f7
Reviewed-on: https://code.wireshark.org/review/2775
Reviewed-by: Evan Huus <eapache@gmail.com>
Fetch header value, only when we need to parse it.
Change-Id: I3c170ef8ab03985c8111a1b84ac1afc87bc8b5ca
Reviewed-on: https://code.wireshark.org/review/2767
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Apparently the new win8 vm has a *very* low-resolution timer, and the allocators
are indistinguishable at the previous amount of work.
Change-Id: If4e5bb8f85b1f0d39658f54001c88f42ffddfc47
Reviewed-on: https://code.wireshark.org/review/2768
Reviewed-by: Evan Huus <eapache@gmail.com>
As Anders correctly pointed out in I7d8f84b2e, constantly resetting state will
turn init_dissection into a bit of a hot path. Especially as we will already
bear the overhead of switching files, we don't want to fall any further behind
than we have to.
This change includes three unrelated optimizations that reduce the cost of
init_dissection by about 40% as measured by callgrind:
- only initialize ares/ADNS if that preference is enabled (this of course only
applies if you specify -n to tshark or otherwise disable the preference)
- use memcpy instead of a loop in sigcomp UDVM init
- use memcpy instead of a loop in bootp dissector
The only remaining obvious hot spot in this path is reassembly_table_init since
it is called by so many dissectors. Suggestions (perhaps to get rid of the
GPtrArray) welcome.
Oh, and one other change to use g_strerror instead of strerror as insisted
upon by the API pre-commit hook.
Change-Id: I18a74f2b64b25498116079bd4e7fc2b335c7703a
Reviewed-on: https://code.wireshark.org/review/2738
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use tvb_pbrk_guint8, tvb_find_guint8 when possible.
Change-Id: If8090d9b9b92146e9c216f139c056130d6b04e78
Reviewed-on: https://code.wireshark.org/review/2569
Reviewed-by: Anders Broman <a.broman58@gmail.com>
At the suggestion of Toralf Förster. This includes an expert info, as well as
making SSL a new-style dissector and rejecting traffic that looks like
unencrypted text.
Change-Id: Ib09ea0d97952330f092590ff3fc6488807cdbb81
Reviewed-on: https://code.wireshark.org/review/2693
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
Added dissection of the SIP Service-Route header.
Change-Id: Ic4523edb374ae03492af5853863dde501a0c30e0
Reviewed-on: https://code.wireshark.org/review/2721
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Unfortunately, certain proto_hier_tree_model.c functions
assume/require that a cookie generated by
proto_(first|next)_protocol_field() will never have a NULL value.
Bug introduced in gd47ae54.
Change-Id: I42763d02f700e15ca9b3ab9980943d4f8d933ca9
Reviewed-on: https://code.wireshark.org/review/2712
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: Id00f456479415adf0a219af6c9a2108d4b3642d0
Reviewed-on: https://code.wireshark.org/review/2702
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I7e016f10fcfdc0523bf2fe8c11295c0334f7c332
Reviewed-on: https://code.wireshark.org/review/2694
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If110de1e0555637264f86f1508858d569871a9c7
Reviewed-on: https://code.wireshark.org/review/2675
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: Ia7014003a3cff5181295172978d6c613c3b83b0b
Reviewed-on: https://code.wireshark.org/review/2676
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, note that we need to determine how to handle Application Layer
Feedback messages based on the SDP setup traffic for the session; recent
changes disabled dissection of REMB Application Layer Feedback messages
in favor of MS-RTP Application Layer Feedback messages. (This is why we
shouldn't remove dissect_rtcp_psfb_remb() unless REMB isn't being used
any more.)
Change-Id: Ib320bdf4a64263fdef29fc4ea2583eaae1cc4bee
Reviewed-on: https://code.wireshark.org/review/2684
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Support for Profile Specific Extensions from MS-RTP
Support for RTCP Feedback Messages
Support for Application Layer Feedback Messages.
MS-RTP: Real-time Transport Protocol (RTP) Extensions
http://msdn.microsoft.com/en-us/library/office/cc431492.aspx
Change-Id: I1f1e6e60b5f9d09b1dffd7e308426c0b67914441
Reviewed-on: https://code.wireshark.org/review/2586
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. The only indication we get of an out-of-order value string is a message on
STDERR, so check that and fail the test if STDERR wasn't empty.
2. This exposes an out-of-order value string in packet-stun.c; fix it.
3. This triggered the pre-commit hook on packet-stun.c, which noticed an API
error (ENC_ASCII -> ENC_ASCII|ENC_NA); fix that too.
Change-Id: I36f87a2a87b40537119562f22a7e3012716ff239
Lesson: automated testing/tooling is both wonderful and scary.
Reviewed-on: https://code.wireshark.org/review/2682
Reviewed-by: Evan Huus <eapache@gmail.com>
Otherwise glib throws an assertion since the array we pass it is NULL.
Change-Id: I9159c1f5ad99b280c040cd790df3cf352738601f
Reviewed-on: https://code.wireshark.org/review/2680
Reviewed-by: Evan Huus <eapache@gmail.com>
Change-Id: I9339869defa47a862b6174d8821cdd8e6186f5c5
Reviewed-on: https://code.wireshark.org/review/2678
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Iac6a259a1081b907149c49023614a5053440e560
Reviewed-on: https://code.wireshark.org/review/2677
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I525ac2aae2bdbfd5f3a2f3b35f1bf10dde053f66
Reviewed-on: https://code.wireshark.org/review/2667
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Interactive Connectivity Establishment ICE Extensions 2.0
http://msdn.microsoft.com/en-us/library/office/cc431504.aspx
Change from review:
1) Change encoding for foundation to ASCII
2) Move case for MS_IMPLEMENTATION_VER.
Change-Id: Ic524a2fe811695478aba81af9cbb3dbd031bbce3
Reviewed-on: https://code.wireshark.org/review/2579
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change-Id: I2ea1892b5963cc5578cbdd2b03029ca8424f2267
Reviewed-on: https://code.wireshark.org/review/2640
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I5f573dffabb8685a8e5a334ff2bfb24d9838daa6
Reviewed-on: https://code.wireshark.org/review/2601
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
- Respect the length field when dissecting message sets
- Don't "wrap around" in capture when doing request/response matches
Also convert one instance to proto_tree_add_subtree, as an experiment.
Change-Id: Id161687865afa7ca83e6943a643bc54582f65554
Reviewed-on: https://code.wireshark.org/review/2624
Reviewed-by: Evan Huus <eapache@gmail.com>
see mon_bin_event() in the linux kernel where the setup_flag is set only
for control urbs
clean up various things related to this assertion:
remove type_2 parameter
show the iso descriptors in any case
calculate the end offset correctly, the end offset is the byte after the
iso data
Change-Id: Iebfbe6443c224a958a1697563aa8fb853d7aa8c2
Reviewed-on: https://code.wireshark.org/review/2541
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: Id06bd486114a80fb899f8dc148d48928e99e775e
Reviewed-on: https://code.wireshark.org/review/2602
Reviewed-by: Michael Mann <mmann78@netscape.net>
Since DTLS and TLS do not differ in handling ClientKeyExchange and
ServerKeyExchange, its dissection got moved to ssl-utils. The code is
based on the SSL dissector, with header field names adjusted to the
DTLS ones (those got capitalized). Besides a version difference (for
signatures), the header field and function names, the DTLS and SSL code
are equal (this is verified).
This patch refactors the dissectors for DHE_RSA and ECDHE to make use of
a common function to dissect the signed_params field. All offset
tracking is also removed in favor of exception handling by the
proto_tree_add_item function. Occurrences of proto_tree_add_uint are
also replaced by proto_tree_add_item for simplicity.
After those changes, the SKE dissector for DH key exchanges is updated
to handle the mandatory signature field in TLSv1.2, using the newly
added function. (bug 9208)
Another bug occurred after the length check removal, pre-TLS and
OpenSSL's old DTLS implemenation do not include a vector length in
the CKE. This is now also fixed. (bug 10222)
Other minor changes: comments added/corrected, renamed
keyex_dh -> keyex_dhe (includes DHE_RSA and DHE_DSS).
Bug: 9208
Bug: 10222
Change-Id: I76e835d56a65c91facce46840d79c1c48ce8d5dd
Reviewed-on: https://code.wireshark.org/review/2542
Reviewed-by: Evan Huus <eapache@gmail.com>
That way, the code that constructs the runtime version string doesn't
itself have to call libpcap and libz, and could be usable in programs
that don't call them.
While we're at it, add "with" to the run-time version information for
GnuTLS and libgcrypt, to match the compile-time version information, and
add the version information from libwireshark to TShark.
Change-Id: I3726a027d032270b032292da9314c1cec535dcd2
Reviewed-on: https://code.wireshark.org/review/2587
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Remove no longer needed system includes
Change-Id: Id9ffffaa7da5185041db63fa7611d348a1cc4b68
Reviewed-on: https://code.wireshark.org/review/2577
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
Profling SIP shows that gperf generated hashing code, is
3 times faster than using GHashTable & g_str_hash/_equal()
This result in about 1% improve of whole dissection (sip traffic with filter).
Change-Id: Id6bf64bacd872e2d1c30a1b6356db444b25ba326
Reviewed-on: https://code.wireshark.org/review/2116
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When dissecting with columns TCP dissector spends
around 1/4 time in col_append_fstr(), add col_append_lstr()
and do formatting by ourselves.
Change-Id: If90bc26242761884b4991e8db0db62c8f9e32690
Reviewed-on: https://code.wireshark.org/review/2527
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Presumably that was the intent.
Change-Id: Icf8529a23a9a36e7f12e446d67f3867771b221d8
Reviewed-on: https://code.wireshark.org/review/2566
Reviewed-by: Guy Harris <guy@alum.mit.edu>